NEED HELP REMOVING "TROJAN.AGENT" C:\Windows\svchost.exe
<blockquote data-quote="amerriw" data-source="post: 67395" data-attributes="member: 1896">
ComboFix 12-08-08.01 - Augie 08/08/2012 19:03:35.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2299 [GMT -5:00]
Running from: c:\users\Augie\Desktop\ComboFix.exe
AV: STOPzilla! *Disabled/Updated* {17032AB1-6644-0721-EEB5-A39B8B646009}
SP: STOPzilla! *Disabled/Updated* {AC62CB55-407E-08AF-D405-98E9F0E32AB4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 00:17 . 2012-08-09 00:17 -------- d-----w- c:\users\TEMP
2012-08-09 00:15 . 2012-08-09 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-09 00:15 . 2012-08-09 00:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-08 04:32 . 2012-01-19 15:22 45936 ------w- c:\windows\system32\SBBD.EXE
2012-08-08 04:32 . 2012-01-12 14:28 74872 ------w- c:\windows\system32\drivers\sbapifs.sys
2012-08-08 04:32 . 2012-08-08 04:33 -------- d-----w- c:\program files (x86)\STOPzilla!
2012-08-08 04:32 . 2012-08-09 00:18 -------- d-----w- c:\programdata\STOPzilla!
2012-08-07 13:29 . 2012-08-07 13:29 23416 ----a-r- c:\windows\SysWow64\SZIO5.dll
2012-08-07 13:29 . 2012-08-07 13:29 546680 ----a-r- c:\windows\SysWow64\SZComp5.dll
2012-08-07 13:28 . 2012-08-07 13:28 497528 ----a-r- c:\windows\SysWow64\SZBase5.dll
2012-07-30 03:46 . 2012-07-30 03:46 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-30 00:01 . 2012-07-30 00:01 -------- d-----w- c:\windows\Sun
2012-07-29 23:50 . 2012-07-29 23:50 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\E670.tmp
2012-07-28 02:39 . 2012-07-28 02:39 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-07-28 02:28 . 2012-07-28 02:32 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-07-27 04:17 . 2012-07-27 04:17 -------- d-----w- c:\program files (x86)\ESET
2012-07-27 04:16 . 2012-07-27 04:16 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-27 04:06 . 2012-07-27 04:16 -------- d-----w- c:\programdata\HitmanPro
2012-07-21 17:55 . 2012-07-21 17:55 -------- d-----w- c:\users\Augie\AppData\Roaming\SpeedyPC Software
2012-07-21 17:55 . 2012-07-21 17:55 -------- d-----w- c:\users\Augie\AppData\Roaming\DriverCure
2012-07-21 17:55 . 2012-07-21 18:03 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-21 17:39 . 2012-07-21 17:41 -------- d-----w- c:\users\Augie\AppData\Roaming\GetRightToGo
2012-07-17 13:36 . 2012-07-17 13:36 29048 ----a-r- c:\windows\SysWow64\IS3XDat5.dll
2012-07-17 13:36 . 2012-07-17 13:36 231288 ----a-r- c:\windows\SysWow64\IS3Win325.dll
2012-07-17 13:36 . 2012-07-17 13:36 391032 ----a-r- c:\windows\SysWow64\IS3UI5.dll
2012-07-17 13:36 . 2012-07-17 13:36 100216 ----a-r- c:\windows\SysWow64\IS3Svc5.dll
2012-07-17 13:36 . 2012-07-17 13:36 132984 ----a-r- c:\windows\SysWow64\IS3HTUI5.dll
2012-07-17 13:36 . 2012-07-17 13:36 104312 ----a-r- c:\windows\SysWow64\IS3Inet5.dll
2012-07-17 13:36 . 2012-07-17 13:36 67448 ----a-r- c:\windows\SysWow64\IS3Hks5.dll
2012-07-17 13:36 . 2012-07-17 13:36 456568 ----a-r- c:\windows\SysWow64\IS3DBA5.dll
2012-07-17 13:36 . 2012-07-17 13:36 812920 ----a-r- c:\windows\SysWow64\IS3Base5.dll
2012-07-12 16:13 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 01:55 . 2012-07-11 01:55 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-11 01:03 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C09E34C-39F6-4636-B20F-B24AFDB446C0}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 02:02 . 2012-04-12 18:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 02:02 . 2011-09-20 01:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 16:09 . 2012-06-28 16:31 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 18:46 . 2012-01-10 18:02 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 18:40 . 2012-06-28 18:40 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 15:42 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:42 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:42 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:42 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:42 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:42 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:42 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 15:42 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-21 15:42 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-26_02.39.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-26 17:21 . 2011-09-26 17:21 74768 c:\windows\SysWOW64\drivers\SZKG64.sys
+ 2011-09-26 17:21 . 2011-09-26 17:21 74768 c:\windows\SysWOW64\drivers\is3srv64.sys
- 2012-07-11 02:03 . 2012-07-25 18:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-11 02:03 . 2012-08-08 05:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-08-07 14:56 . 2012-08-07 14:56 17408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{16A458DF-E0A0-11E1-B636-78E3B55214AC}.dat
+ 2012-07-11 01:57 . 2012-08-08 05:26 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-07-30 03:03 35166 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-09 00:19 45276 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-19 20:57 . 2012-08-09 00:19 10914 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1678713175-1451055111-565092166-1001_UserData.bin
+ 2012-07-30 05:46 . 2012-08-04 15:05 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2012-01-12 14:28 . 2012-01-12 14:28 57976 c:\windows\system32\drivers\SBREDrv.sys
+ 2012-07-30 16:34 . 2012-07-30 23:57 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012073020120731\index.dat
+ 2012-07-30 16:34 . 2012-07-30 16:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012072320120730\index.dat
+ 2012-07-30 03:46 . 2012-07-31 00:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-08-07 14:56 . 2012-08-07 14:56 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{16A458DE-E0A0-11E1-B636-78E3B55214AC}.dat
+ 2011-11-05 18:50 . 2012-07-26 02:53 5116 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-08-09 00:17 . 2012-08-09 00:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-26 02:38 . 2012-07-26 02:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-09 00:17 . 2012-08-09 00:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-26 02:38 . 2012-07-26 02:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-03 02:02 . 2012-08-03 02:02 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe
+ 2012-08-03 01:02 . 2012-08-03 01:02 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
+ 2012-08-03 01:02 . 2012-08-03 01:02 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.dll
+ 2012-04-12 18:07 . 2012-08-03 02:02 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-12 18:07 . 2012-07-12 03:02 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-07-02 21:22 . 2012-08-08 05:26 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-07-02 21:22 . 2011-07-02 21:21 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-08-07 14:57 . 2012-08-07 14:56 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
+ 2009-07-14 04:54 . 2012-08-09 00:18 540672 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-26 02:12 540672 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-21 01:53 . 2012-07-27 04:04 253044 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-09-16 22:26 . 2012-08-08 23:50 292830 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-26 02:32 624856 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-08 04:48 624856 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-26 02:32 106942 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-08 04:48 106942 c:\windows\system32\perfc009.dat
+ 2012-08-03 02:02 . 2012-08-03 02:02 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_Plugin.exe
+ 2012-08-03 01:02 . 2012-08-03 01:02 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.exe
+ 2012-08-03 01:02 . 2012-08-03 01:02 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.dll
- 2009-07-14 05:38 . 2007-01-02 01:24 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2012-07-31 03:29 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2011-09-17 01:22 . 2012-08-06 03:47 212992 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-07-26 02:37 231072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-09 00:16 231072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-03 02:02 . 2012-08-03 02:02 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
+ 2012-08-03 02:02 . 2012-08-03 02:02 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
+ 2009-07-14 04:54 . 2012-08-09 00:18 4734976 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-17 01:22 . 2012-08-06 03:47 2654208 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-06 03:47 4702208 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-02 21:45 . 2012-07-26 02:25 1145736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-02 21:45 . 2012-08-09 00:16 1145736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-18 14:55 . 2012-07-25 17:17 6468734 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678713175-1451055111-565092166-1001-4096.dat
+ 2011-09-18 14:55 . 2012-08-09 00:16 6468734 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678713175-1451055111-565092166-1001-4096.dat
+ 2012-07-12 01:24 . 2012-08-09 00:16 7270804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-08-09 00:18 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-26 02:12 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:34 . 2012-07-31 03:33 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-07-12 16:29 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-08-03 02:02 . 2012-08-03 02:02 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll
- 2011-09-18 14:55 . 2012-07-26 02:25 26090820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678713175-1451055111-565092166-1001-8192.dat
+ 2011-09-18 14:55 . 2012-08-09 00:16 26090820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678713175-1451055111-565092166-1001-8192.dat
+ 2012-08-08 04:30 . 2012-08-08 04:30 20485120 c:\windows\Installer\1e2b392.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\Sidebar.exe" [2010-11-21 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-28 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-18 318520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [2011-09-26 74768]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-20 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-20 136176]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-08 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-19 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-01-29 77952]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-01-29 38016]
S0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [2011-09-26 74768]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-28 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-02-28 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-28 9079296]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-28 299520]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-04-13 1860672]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 02:02]
.
2012-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1678713175-1451055111-565092166-1001Core.job
- c:\users\Augie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 20:47]
.
2012-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1678713175-1451055111-565092166-1001UA.job
- c:\users\Augie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 20:47]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-20 01:42]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-20 01:42]
.
2012-08-07 c:\windows\Tasks\HPCeeScheduleForAugie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"LXCJCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCJtime.dll" [2006-05-11 28672]
.
------- Supplementary Scan -------
.
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Augie\AppData\Roaming\Mozilla\Firefox\Profiles\2t300p0s.default\
FF - prefs.js: browser.startup.homepage - hxxp://bl158w.blu158.mail.live.com/mail/InboxLight.aspx?fid=1&fav=1&n=1386452326
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
JSEFile=c:\windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
 aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
 d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
 df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:60,c9,2a,dd,ac,74,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-08-08 19:35:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-09 00:35
ComboFix2.txt 2012-07-26 02:43
.
Pre-Run: 431,313,494,016 bytes free
Post-Run: 431,040,233,472 bytes free
.
- - End Of File - - 80153F977B94DF3B64318B613AA20E9B
</blockquote>